Lavasoft News - June 2007

New Targets in Detection (May 2007)


Adware.Baigoo tracks searches on Chinese search engines. This tracked information is transmitted to a remote server and may then be used to display targeted advertisements.


AntivirusPCSuite is rogue anti-spyware that tricks the user into buying the commercial version. AntivirusPCSuite's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped up from files and processes installed by trojans that scare / trick the user into clicking yes.


SpywareSoftStop is rogue anti-spyware that tricks the user into buying the commercial version. SpywareSoftStop's distribution methods are stealthy and/or misleading. SpywareSoftStop is known to drop additional files during installation that is then detected as malicious.


SystemStable is rogue anti-spyware and clone of SpyAway; it may give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove those reported threats.


Win32.Backdoor.Cakl provides remote unauthorized access to a machine. An attacker can thereby gain remote control over the infected machine.


Win32.Backdoor.Rizo is a backdoor opening ports so that an attacker may gain access to the infected computer. Win32.Backdoor.Rizo also generates a lot of network traffic which will negatively affect the speed of internet surfing on the infected machine.


Win32.Backdoor.WootBot is malware that can open up backdoors on a compromised computer.


Win32.Backdoor.Xdoor gives an attacker the possibility to unauthorized access and remote control of the machine without the user's knowledge.


Win32.TrojanDownloader.Murlo downloads malicious software from a remote server without the consent of the user.


Win32.TrojanProxy.Wopla allows remote access to the computer. It may also try to contact its author using mail.


Win32.TrojanProxy.Xorpix allows remote access to the computer and directs the traffic to the internet without the consent of the user. It also lowers system security by deleting firewall settings.


Win32.TrojanDownloader.Alphabet installs itself in stealth and may connect to various sites to download other viruses or malware to your system.


Win32.Trojan-PSW.Delf drops and loads a password stealing component on the infected system and tries to steal users account and login information.


Win32.Trojan.Peed captures different user passwords and logins. It logs users’ key strokes and emails the information to a specific e-mail address.

TAI - Threat Analysis Index
The Lavasoft Threat Analysis Index (TAI) system is based on a 10-point scale, with 1 representing the lowest threat and 10 representing the highest. The behavior of the program has more influence when assigning TAI points than the actual technical aspects of the malware. In other words, if the malware secretly attaches without the computer user's full understanding and approval, then it will automatically be given higher TAI points. A minimum TAI value of 3 is required before the malware is put into detection. Read more on the Lavasoft Security Center here.


Threat Analysis (TA) Index

Home   arrow

Lavasoft recommends SpeedUpMyPC - Buy Now for $29.95
Computer users are safety savvy when it comes to understanding potential threats coming in through their e-mail inboxes, like phishing, viruses, and malware. Results from an E-mail Sender and Provider Coalition survey show that over 80 percent of users recognize and report spam through functions in their e-mail service. Yet, it only takes one e-mail user in 10,000 to buy something from a spammer to keep them in business.

Source: Network World
Term of the Month
RSS is a type of web feed format used to publish constantly updated web-based content like blogs and news feeds. RSS stands for Really Simple Syndication, and can also refer to Rich Site Summary or RDF Site Summary. RSS delivers information as an XML file called an RSS feed or webfeed. By subscribing to a website's RSS feed, new content from that site is retrieved and presented to the computer user through their feed reader or feed aggregator program.

Tech Tips
It can be difficult and time consuming to keep track of all the news available on the web. Sign up for RSS feeds to stay up-to-date with news from your favorite websites. RSS is a convenient way to distribute news, plus it allows you to control the amount of data you receive online and decrease your online traffic, saving you time by not having to visit individual sites. To use RSS feeds, simply choose an RSS reader tool and then load RSS feeds into your reader from the sites you are interested in.

Lavasoft's Company Blog and the News from Research blog have RSS feeds up and running. By subscribing to the News from Research blog, you will be notified whenever a new Definitions File is released.
Helpful Homepage
Stop is a "neighborhood watch" group dedicated to fighting badware - spyware, malware and deceptive adware. Educate yourself by reading their in-depth reports on applications and websites, or fight back by submitting your badware story to aid their clearinghouse effort.
Lavasoft AB
Lilla Bommen 1
411 04 Gothenburg